Configuration support for --security-opt



Kcov requires to run the container with --security-opt seccomp=unconfined. Due to no documented support for this option in CircleCI 2.0 confguration, I figure one has to resort to running kcov in a sibling container (through the bind-mounted docker.sock) with the required option. Could the option be exposed in the configuration, seeing how kcov is a popular tool for collecting test coverage?


It’s worse than I thought: it’s not possible to bind-mount docker.sock from the host machine with a docker executor, and the Docker-in-Docker thing seems only doable with setup_remote_docker. But that cannot mount volumes from the container into a remote container ran with docker run. So it appears I’m down to the slow and potentially premium-feature Machine for lack of an option.


Ah, I’ve been kicking down an unlocked door: kcov works in a vanilla docker executor, so it seems that the necessary security option is already set up.